-
-
Like what you see?
LetsTalkUrl
Let's Talk
Following the Covid-19 pandemic, many employers were faced with the decision to continue allowing their employees to work remotely or to ask them to return onsite (or to work a hybrid schedule). According to research done by Gartner, two-thirds of job candidates working onsite would prefer to work in a hybrid or remote model, and 97% of hybrid and remote workers prefer to continue working in these models1.
While little has changed in the corporate environment with regard to the protection of data, the current number of remote workers and their continued desire to work remotely poses an increased number of security and privacy threats for public sector organizations. Specifically, lost or stolen equipment, malicious employees selling information for personal gain, and unintended disclosures are going to increase in the remote employee environment. Organizations can cover the lost or stolen equipment scenario by beefing up their mobile equipment policies and putting more onus on the employee for reimbursing the cost of lost/stolen equipment. Making employees aware of the state, local and Federal laws related to information theft, should also deter many employees from such activities. But how should they protect data from unintended disclosure from other threats that they cannot see or verify?
For example, we would never consider our family members or people we live with to be a danger to data disclosures because we trust them. However, consider a family member walking by your work area in the home and seeing a celebrity’s health record and then discussing what they saw, socially. There may not be any malicious intent, but this is still a disclosure. Other possibilities for unintended disclosures include accidental posting of protected information to public websites, and the use of unapproved transfer and storage methods such as cloud storage drives, or email (company to personal and vice versa), or even photos of the data taken with a cell phone.
Here are some ways to further protect your data under the remote workspace scenario:
This is just a small subset of the risks presented to protected data by remote work. A full inventory should be considered and addressed through corporate policy, procedure and practice. For more information on security and privacy risks contact Infosys at askus@infosyspublicservices.com
Also Read: The Remote Caseworker Conundrum
Christopher has over 20 years of experience in delivering all aspects of Information Security, with a specialization in Compliance and Risk Management in the healthcare industry. With a diverse educational background ranging from Education in Secondary Schools to Theater, he is an example of a self-taught IT professional. Christopher started his career as a Technical Support agent, progressing to Network Engineering and System Administration, and eventually finding purchase in Information Security. Christopher currently holds the Certified Information Systems Security (CISSP) and Certified Data Privacy Engineer Solutions Engineer (CDPSE) certifications.